CVE-2019-3948

🗓️ 29 Jul 2019 21:47:27Reported by tenableType

Multiple Dahua and Amcrest devices do not require authentication, allowing unauthenticated remote access to /videotalk endpoint, potentially compromising audio.

Reporter	Title	Published	Views	Family All 15
0day.today	Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming Exploit	30 Jul 201900:00	–	zdt
Circl	CVE-2019-3948	30 Jul 201900:00	–	circl
CNVD	Amcrest IP2M-841B Authentication Bypass Vulnerability	31 Jul 201900:00	–	cnvd
Check Point Advisories	Dahua Amcrest IP Camera Information Disclosure (CVE-2019-3948)	11 Aug 201900:00	–	checkpoint_advisories
Cvelist	CVE-2019-3948	29 Jul 201921:47	–	cvelist
Exploit DB	Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming	30 Jul 201900:00	–	exploitdb
exploitpack	Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming	30 Jul 201900:00	–	exploitpack
NVD	CVE-2019-3948	29 Jul 201922:15	–	nvd
OpenVAS	Amcrest Technologies IP Camera Unauthenticated Remote Audio Streaming Vulnerability	31 Jul 201900:00	–	openvas
OSV	CVE-2019-3948	29 Jul 201922:15	–	osv

NVD

Node

amcrest ip2m-841b_firmwareMatch2.520.ac00.18.r

AND

amcrest ip2m-841bMatch-

Node

dahua dh-ipc-hx863xRange<2018-05-18

dahua dh-ipc-hx883xRange<2018-05-18

dahua dh-sd4xxxxxRange<2018-05-18

dahua dh-sd5xxxxxRange<2018-05-18

dahua dh-sd6xxxxxRange<2018-05-18

dahua ipc-hx4x3xRange<2018-05-18

dahua ipc-hx5x3xRange<2018-05-18

dahua ipc-xxbxxRange<2018-05-18

dahua nvr2xxx-4ks2Range<2018-05-18

dahua nvr4xxx-4ks2Range<2018-05-18

dahua nvr5xxx-4ks2Range<2018-05-18

[
  {
    "product": "Dahua IPC-XXBXX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.622.0000000.9.R"
      }
    ]
  },
  {
    "product": "Dahua IPC HX5X3X and HX4X3X",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.800.0000008.0.R"
      }
    ]
  },
  {
    "product": "Dahua DH-IPC HX883X and DH-IPC-HX863X",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.622.0000000.7.R"
      }
    ]
  },
  {
    "product": "Dahua DH-SD4XXXXX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.623.0000000.7.R"
      }
    ]
  },
  {
    "product": "Dahua DH-SD5XXXXX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.623.0000000.1.R"
      }
    ]
  },
  {
    "product": "Dahua DH-SD6XXXXX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V2.640.0000000.2.R and V2.623.0000000.1.R"
      }
    ]
  },
  {
    "product": "Dahua NVR5XX-4KS2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V3.216.0000006.0.R"
      }
    ]
  },
  {
    "product": "Dahua NVR4XXX-4KS2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V3.216.0000006.0.R and NVR2XXX-4KS2"
      }
    ]
  }
]

Source	Link
tenable	www.tenable.com/security/research/tra-2019-36
packetstormsecurity	www.packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html
dahuasecurity	www.dahuasecurity.com/support/cybersecurity/details/627
us	www.us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf

21 Nov 2024 04:42Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 37.5

EPSS0.45334

CWE-306

amcrest dahua ip camera vulnerability unauthenticated access /videotalk audio capture